I am trying to authenticate users with Facebook using OmniAuth. Initially, it was working, but along the way it just stopped working and started to give me this error message:
OpenSSL::SSL::SSLError SSL_connect
returned=1 errno=0 state=SSLv3 read
server certificate B: certificate
verify failed
The same code works well for Twitter and I can't seem to understand why it doesn't work for Facebook. I have looked online for help, but I haven't been successful.
This is the link to the website I am building: http://www.bestizz.com/
And this url would give you the error message: http://www.bestizz.com/auth/facebook
Ruby cannot find any root certificates. Here is an option for debugging purposes. Put following code at the begining of your script:
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
Add the following code to config/initializers/fix_ssl.rb
require 'open-uri'
require 'net/https'
module Net
class HTTP
alias_method :original_use_ssl=, :use_ssl=
def use_ssl=(flag)
self.ca_file = "/etc/pki/tls/certs/ca-bundle.crt" # for Centos/Redhat
self.verify_mode = OpenSSL::SSL::VERIFY_PEER
self.original_use_ssl = flag
end
end
end
Note:
Many operating systems already come with a supplied certificate bundle.
For example in Red Hat Enterprise Linux and CentOS it's installed in:
/etc/pki/tls/certs/ca-bundle.crt
For Ubuntu its at:
/etc/ssl/certs/ca-certificates.crt
I've been facing the same problem after updating Ruby running on Yosemite, but while trying to authenticate with Google.
Following this: https://toadle.me/2015/04/16/fixing-failing-ssl-verification-with-rvm.html seemed to solve my problem.
For the sake of history I'll quote:
So the rvm-installed ruby does look into the wrong directory for certificates whereas the OSX-ruby will look into the correct one. In it's case that is a OSX system-directory.
So the rvm-installed ruby is the problem.
This discussion on Github finally gave the solution: Somehow RVM comes with a precompiled version of ruby that is statically linked against an openssl that looks into /etc/openssl for it's certificates.
What you wanna do is NOT TO USE any of the precompiled rubies and rather have ruby compiled on your local machine, like so: rvm install 2.2.0 --disable-binary
In the end, I had to run:
rvm uninstall ruby-2.2.4
rvm install ruby-2.2.4 --disable-binary
gem pristine --all
Hope this helps
Looks like SSL verification is failing for Facebook. I'm no OpenSSL master, but I think this should work for you.
Assuming you're using an up-to-date version of OmniAuth (>= 0.2.2, I assume you are) and a version of Faraday >= 0.6.1 (the stack trace says you are), you can pass the location of your CA certificates bundle. Modify your OmniAuth setup for Facebook accordingly:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'appid', 'appsecret', {:scope => 'publish_stream,email', :client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}}
# other providers...
end
and replace '/etc/ssl/certs' with the path to your bundle. If you need one, I believe this file will work for you--just put it somewhere, give it necessary permissions, and point your app at it.
Thanks to Alex Kremer at this SO answer for the detailed instructions.
This link should work. https://gist.github.com/fnichol/867550 Just follow the instructions. You will need to download Rails installer and run two command line functions.
Do this, this will get ride of the certificate error with openssl
sudo curl http://curl.haxx.se/ca/cacert.pem -o /opt/local/etc/openssl/cert.pem
An ugly workaround I just did is to override the class in Net::HTTP and set the variable which tells it to not verify ssl certs:
require 'net/http'
require 'openssl'
class Net::HTTP
alias_method :orig_connect, :connect
def connect
#ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
orig_connect
end
end
I did it this way because I don't want to muck with the source code of the gem which calls the gem which calls the gem which calls Net::HTTP. I should really go back and figure out how to nudge it to look at a separate cacert.pem file instead. I can't modify the server's cacert.pem file, or that would be the best route.
Related
So I'm trying to get Google authentication to work with rails and devise. I followed this github setup and when the user gets redirected after a successful login I get this error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've literally tried every solution I can find online and nothing seems to work. I downloaded the new cert which is in /usr/local/etc/openssl/certs/cert.pem and this is in my devise.rb:
config.omniauth :google_oauth2, "92780849937-vk78tsfss43p1m9k95ijfhimi422hfh7.apps.googleusercontent.com", "oEM4yvhazRJBgL7ANtpVtpU5", { :client_options => {:ssl => {:ca_path => "/usr/local/etc/openssl/certs"}}}
I'm running ruby 2.1.0 and Rails 4.2.4
Is there something I'm missing? Maybe a different solution for this version of rails?
I added this to my application.rb so I can keep working but obviously its pretty horrible hahahaha
require 'openssl'
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
You can add the gem 'certified' to your Gemfile to fix this issue.
Check their Github page
And this SO question
Using the following guide
http://spontaneousderivation.com/2012/09/30/rails-3-2-on-a-shared-dreamhost-server/
I managed to get my Rails 3.2.8 application with Ruby 1.9.3 up and running on Dreamhost shared hosting using fcgi (i know it is not the best solution, but I don't want to downgrade my applications to 3.0 and I lack skill and money for a VPS ).
Following the guides on DH wiki:
http://wiki.dreamhost.com/RMagick
http://wiki.dreamhost.com/Image_Magick#Compiling_ImageMagick_on_your_DreamHost_account
I installed my own version of ImageMagic and RMagic as a local gem.
However when I try to run application with RMagic functionality I get the following error in error.log:
'Premature end of script headers: dispatch.fcgi'.
I found out it is occurring when I uncomment the following line in my uploader:
include CarrierWave::RMagick
Running dispatch.fcgi from shell does not report any errors.
I assume that the problem might be caused by LD_LIBRARY_PATH or other env variables (listed in DH wiki) but tried including them in my .bashrc, .bash_profile and dispatch.fcgi but without effect.
This solution is valid as of 3/7/2013. I just used it to deploy a new app to DH.
In your gemfile...
gem 'paperclip'
Then run "bundle install" from your app directory.
In your public/dispatch.fcgi...copy the code below and replace APPNAME with the name listed in your config/application.rb module, USER with your DH username, and RUBY with the specific ruby version listed in the output from "which ruby" on the command line on your DH ssh session.
#!/home/USER/.rvm/rubies/RUBY/bin/ruby
ENV['RAILS_ENV'] ||= 'production'
ENV['HOME'] ||= `echo ~`.strip
ENV['GEM_HOME'] = File.expand_path('~/.rvm/gems/RUBY')
ENV['GEM_PATH'] = File.expand_path('~/.rvm/gems/RUBY') + ":" +
File.expand_path('~/.rvm/gems/RUBY#global')
require 'fcgi'
require File.join(File.dirname(__FILE__), '../config/environment.rb')
class Rack::PathInfoRewriter
def initialize(app)
#app = app
end
def call(env)
env.delete('SCRIPT_NAME')
parts = env['REQUEST_URI'].split('?')
env['PATH_INFO'] = parts[0]
env['QUERY_STRING'] = parts[1].to_s
#app.call(env)
end
end
Rack::Handler::FastCGI.run Rack::PathInfoRewriter.new(APPNAME::Application)
No special processing is needed to get paperclip working assuming you have a valid install of RVM. Aside from the specifics I mentioned above (specifically the dispatch.fcgi is slightly changed), you can follow this guide, http://spontaneousderivation.com/2012/09/30/rails-3-2-on-a-shared-dreamhost-server/.
RMagick and ImageMagick are notorious for having compile / runtime issues. I recommend ditching RMagick in favor of something like MiniMagick. It looks like CarrierWave has a MiniMagick processor you can use instead: https://github.com/jnicklas/carrierwave/blob/master/lib/carrierwave/processing/mini_magick.rb
MiniMagick just shells out directly to the ImageMagick processes so you avoid the issues of linking to compiled binaries. In the past, RMagick was also known to be the source of memory leaks etc.
Also, you should seriously consider Heroku for deployment. A single dyno is free and I bet your experience will be much better.
Apologies if this has been answered already, but I'm going through the posts here and can't find something that works.
I've got Devise working with rails for authentication, and I'm trying to integrate OmniAuth for facebook. I'm getting the SSL error that has been posted about in the past.
My error:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
I've been through the solutions for windows and none seem to work. I'm just trying to get this working in dev on a windows machine, so I'm willing to take unsecure shortcuts to get it up and running and then figure out what's necessary in production later on.
I'm using:
rails 3.2.2
warden 1.1.1
devise 2.0.4
faraday 0.7.6
oauth2 0.5.2
omniauth 1.0.3
omniauth-oauth2 1.0.0
omniauth-facebook 1.2.0
I've tried a couple different things in omniauth.rb:
omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, APP_ID, APP_SECRET, {client_options: {ssl: {ca_file: Rails.root.join('lib/assets/cacert.pem').to_s}}}
#provider :facebook, APP_ID, APP_SECRET, {:client_options => {:ssl => {:verify => false}}}
end
The second option (commented) is supposed to suppress ssl cert checking entirely, as far as I understand it. But that doesn't work - same error. With the first option, I downloaded the appropriate file and put it in by lib/assets directory, but that doesn't seem to work either.
Has something changed recently with this? Am I missing something obvious?
Looks like the way to do it is here:
https://gist.github.com/867550
Try following the instructions given in this link:
http://jimneath.org/2011/10/19/ruby-ssl-certificate-verify-failed.html
And you have to make this minor change in fix_ssl.rb at the end:
self.ca_file = Rails.root.join('lib/ca-bundle.crt').to_s
I hope this helps.
I've been trying to use HTTParty in my rails code
sudo gem install httparty
From the command line I can now successfully do
httparty "http://twitter.com/statuses/public_timeline.json"
When I try this in my rails app
require 'rubygems'
require 'httparty'
class FooController < ApplicationController
include HTTParty
def bar
blah = HTTParty.get("http://twitter.com/statuses/public_timeline.json")
end
end
I get the error message "no such file to load -- httparty"
I suspect there is something wrong with my environment?
You don't need to do 'include HTTParty' inside the Controller. Just remove that and it should work. I just tested it and it worked for me. If this doesn't work for you, you should add the gem to your environment.
Usually if you use a gem inside your Rails application, you should add the following to environment.rb:
config.gem "httparty"
The gem will be available in the application now and you don't need to add 'require' inside the Controller. Also, you don't need to require RubyGems inside a Controller.
When you use Rails 3, you need to put the following inside the Gemfile:
gem "httparty"
I hope it works for you. :)
The problem is, if you load a new gem, you have to restart the server even if you are in development.
I had this same error. I tried moving the require HTTParty all over, but found, all I needed to do was restart the rails server In the end I did not need to 'require HTTParty' nor 'include' it. It just needed to be loaded into rails.
1)include the httpary in your gemfile
open your gem file then add
gem 'httparty','YOUR VERSION NUMBER'
2) run bundle install in your command prompt of the app file
3) restart the server
Ran into the same problem. Then I switched from Ruby 1.8.7 to Ruby 1.9.2 and all errors varnished into thin air.
(Yes, it first took me quite some hours to come up with the possibility that the Ruby version might be the problem. Configured a secundairy server to avoid possible conflicts with 2 ruby versions, and after way to many hours I got my RoR stack up and running. And the first test with httparty (based on the example on top) worked out of the box! Finally can sleep RESTfully again :-)
I run into the same error whilst reviewing a project from a student, I change the name of the Gem from uppercase to lowercase then run bundle install. I then went ahead to change the format in which they were being imported from
require 'HTTParty' to require 'httparty' and boom it worked
I am attempting to get a gem I installed working in a Rails application. I can require the gem just fine in a Ruby program that I run from the command line using:
require 'nokogiri'
But when I attempt to do the same in one of my Rails controllers it errors saying "no such file to load -- nokogiri".
I tried using the full path to the lib/nokogiri.rb file, but that fails because it cannot find "nokogiri/native".
Better, place the following in your environment.rb file:
Rails::Initializer.run do |config|
...
config.gem :nokogiri
...
end
This will tell Rails that you depend on that particular gem. It also allows you to specify particular versions, and it will automatically keep all your gems synched, or unpack them into vendor/gems if you so wish.
I had a similar error but simply forgot to put the following in my environment.rb file: (note the quoted "nokogiri")
Rails::Initializer.run do |config|
...
config.gem "nokogiri"
...
end
Ok I figured it out. This is going to sound pretty stupid...but oh well...
It turns out I had two installations of ruby on my machine. I use InstantRails to serve my test applications and it comes prepackaged with an installation of ruby. I had another installation however outside of this and it was here that nokogiri had been installed, not in the installation in InstantRails.
In any case they were looking in different spots for the gems.
Try the following
require 'rubygems'
gem 'nokogiri'
If you are on some form of *nix then did you get any errors when you installed the gem, particularly errors stating that the gem was not on the path. This may happen if you have installed the gem as yourself rather than as root and you do not have your personal gem library in your gem path.
If you always install your gems using
sudo gem install some_gem_name
then you should not get that problem.